| Message ID | 1475054968-14875-1-git-send-email-marcel.ziswiler@toradex.com |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | Stefano Babic |
| Headers | show |
On 28/09/2016 11:29, Marcel Ziswiler wrote: > From: Stefan Agner <stefan.agner@toradex.com> > > To create the soc environment variable we concatenate two strings > on the stack. So far, strcat has been used for the first string as > well as for the second string. Since the variable on the stack is > not initialized, the first strcat may not start using the first > entry in the character array. This then could lead to an buffer > overflow on the stack. > > Signed-off-by: Stefan Agner <stefan.agner@toradex.com> > Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com> > --- > > Changes in v2: > - Re-based and re-send. > > arch/arm/cpu/armv7/vf610/generic.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm/cpu/armv7/vf610/generic.c b/arch/arm/cpu/armv7/vf610/generic.c > index 08b9ef4..50eb0c6 100644 > --- a/arch/arm/cpu/armv7/vf610/generic.c > +++ b/arch/arm/cpu/armv7/vf610/generic.c > @@ -322,7 +322,7 @@ int arch_misc_init(void) > { > char soc[6]; > > - strcat(soc, "vf"); > + strcpy(soc, "vf"); > strcat(soc, soc_type); > setenv("soc", soc); > > Applied to u-boot-imx, thanks ! Best regards, Stefano Babic
diff --git a/arch/arm/cpu/armv7/vf610/generic.c b/arch/arm/cpu/armv7/vf610/generic.c index 08b9ef4..50eb0c6 100644 --- a/arch/arm/cpu/armv7/vf610/generic.c +++ b/arch/arm/cpu/armv7/vf610/generic.c @@ -322,7 +322,7 @@ int arch_misc_init(void) { char soc[6]; - strcat(soc, "vf"); + strcpy(soc, "vf"); strcat(soc, soc_type); setenv("soc", soc);